<?php
include ('config.php');
if (isset($_REQUEST['user']))
$benutzer= substr($_POST['user'],0,30);
if (isset($_REQUEST['password']))
$passwort= substr($_POST['password'],0,30);

$a= mysql_query ("select passwort from benutzer where benutzer='$benutzer' and aktiv = 1");
$c= mysql_fetch_row($a);
if (!$password)
{
	error_log("User without authentification detected - User '$benutzer' \t time()",0);
	exit;
}
else
{
	if (md5($passwort)==$c[0])
	{
		if (isset($_REQUEST['type']))
		{
			$strType = $_REQUEST['type'];
		}
		else
		{
			$strType = "";
		}
		// $strTitle gegen Injection absichern
		//mysql_connect('localhost','root','root') or die('No database connection');
		//mysql_select_db('mydb') or die('Database selection failed');

		if (strlen($strType) > 0)
		{
			$result = mysql_query("SELECT `type` , `position` , `diameter` , `gps_latitude` , `gps_longtitude` , `count`, `idt1_hydranten` as remoteID, `comment` , `capacity` FROM `t1_hydranten` WHERE `type` = $strType");
		}
		else
		{
			$result = mysql_query("SELECT `type`, `position` , `diameter` , `gps_latitude` , `gps_longtitude` , `count`, `idt1_hydranten` as remoteID, `comment` , `capacity` FROM `t1_hydranten`");
		}
		
		while($e=mysql_fetch_assoc($result))
		{
			$output[]=$e;
		}
		if (isset($output))
		{
			print json_encode($output);
		}
		else
		{
			print json_encode(array());
		}
	}
	else
	{
		error_log("User password failed $benuzter \t time()",0);
		exit;
	}
}
?>